An Anatomy of Crypto-Enabled Cybercrime
Oligopoly rules everything around us. Our weight below.
By assembling a diverse set of public, proprietary and hand-collected data, including dark web conversations in Russian, we conduct the first detailed anatomy of crypto-enabled cybercrime and highlight relevant economic issues. Our analyses show that a few organized ransom gangs dominate the area and have evolved into sophisticated corporate-like operations with brick-and-mortar offices, franchising and affiliate programs. Their techniques have also become more aggressive over time, bringing layers of extortion and reputation management.
That is from the synopsis of an interesting new paper by Lin William Cong, Campbell Harvey, Daniel Rabetti and Zong-Yu Wu. It’s a pretty comprehensive look at the criminal ecosystem built on top of the cryptocurrency boom, ranging from hacking, money laundering, fraud and ransomware to sextortion and illegal trading.
Obviously, the data on these crimes is pretty sketchy, but when it comes to organized ransomware, Chainalysis estimates that the biggest gangs — primarily Conti, DarkSide, and Phoenix Cryptolocker — extorted at least $180 million from victims in 2021.
Some of these, such as Conti and DarkSide, operate as “ransomware-as-a-service”, meaning that they rent out their expertise to affiliates. The paper notes that these gangs have “even set up physical offices to run their ransomware business, just like regular high-tech companies”, and includes this excerpt of a negotiation between a victim and a ransomware gang.
— Victim: “We thought we had almost 6 days left. Our management is currently assessing the situation and determining the best solution.”
— Attacker: “Until we await your response to the situation. We stopped DDoS attacks on your domain, you can turn on your website. In addition to your blog, where it is hidden. No one will see information about it until we get an agreement. We already stopped other instruments that were already being processed today.”
— Victim: “Okay, thanks. We want to cooperate with you. We just need some time in this difficult situation.”
— Victim: “Can you tell us what we will receive when the payment is made?”
— Attacker: “You will get: 1) full decryption of your systems and files 2) full filters 3) we will delete files that we have taken from you 4) audit of your network”
— Victim: “This situation is very difficult for us and we are worried that we may be attacked again or pay and you will still post our data. What assurances or evidence of file deletion can you give us?”
— Attacker: “We have a reputation and words, we also worry about our reputation. After successful agreement you will get: 1) complete filters of your files 2) after you confirm that we will delete all information and send you as evidence video, we are not interested in giving to anyone else your own data. We never work like that.”
Because if you can’t trust the word of a shadowy crypto-enabled ransomware company that has crippled your company and is extorting senior management, what’s the point?
The paper is not written by anti-crypto zealots, and the authors emphasize that they believe cryptocurrencies and decentralized finance “potentially promote financial inclusion, reduce transaction costs, increase security and provide new capital for startups”. (We note that Cam Harvey is the author of a book on DeFi.)
They also argue that trying to ban the entire space won’t work and is likely to be harmful.
A one-size-fits-all solution, such as restricting or banning the use of cryptocurrency by individuals or organizations, is problematic for three main reasons. First, this is not a national problem. Blockchains exist across multiple countries, and strict rules in a particular country or jurisdiction have little or no effect outside of that country. As we have seen from other global initiatives (e.g. carbon tax proposals), it is almost impossible to get global agreement. Second, while an important issue, cryptocurrency plays a small role in the big picture of illicit payments. Physical cash is truly anonymous, and this may actually explain the fact that 80.2% of the value of US currency is in $100 bills. It’s rare that consumers use $100 bills, and it’s just as rare that retailers are willing to accept them. Third, and most importantly, any use of cryptocurrency in a country eliminates all the benefits of the new technology. Even further, it puts the country at a potential competitive disadvantage. For example, a ban on crypto effectively eliminates both citizens and businesses from participating in web3 innovation.
Maybe. But while it’s true that blockchain transparency can enable demanding but effective analysis of crypto-enabled cybercrime, reading this report it’s hard not to conclude that the transparency remedy is theoretical, while the costs are real.
For example, Conti was brought down earlier this year not because of sophisticated blockchain analysis and law enforcement knowledge, but because it supported Russia’s invasion of Ukraine. That led to an angry insider, supposedly a Ukrainian hacker, leaking the group’s entire toolkit and internal chats. Oops.